Compare commits
No commits in common. 'c9' and 'c9-beta' have entirely different histories.
@ -0,0 +1,74 @@
|
|||||||
|
From 19923985b69ccd5f2a33a067bfc3ed020889377e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Tue, 13 Jun 2023 18:02:52 +0200
|
||||||
|
Subject: [PATCH 1/3] service: allow multiple names and _srv_ ad_server option
|
||||||
|
|
||||||
|
realmd checks if the 'ad_server' option is set in sssd.conf before
|
||||||
|
calling adcli to remove the host from the AD server. If set the value is
|
||||||
|
used as value for dcli's '--domain-controller' option. But if multiple
|
||||||
|
names are set in sssd.conf this currently fails because the whole string
|
||||||
|
is used.
|
||||||
|
|
||||||
|
With this patch the 'ad_server' option is properly evaluated and only
|
||||||
|
the first domain controller name is used.
|
||||||
|
---
|
||||||
|
service/realm-sssd-ad.c | 36 +++++++++++++++++++++++++++++++++++-
|
||||||
|
1 file changed, 35 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
|
||||||
|
index 2817e73..096b6c5 100644
|
||||||
|
--- a/service/realm-sssd-ad.c
|
||||||
|
+++ b/service/realm-sssd-ad.c
|
||||||
|
@@ -649,6 +649,40 @@ realm_sssd_ad_generic_finish (RealmKerberosMembership *realm,
|
||||||
|
return g_task_propagate_boolean (G_TASK (result), error);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static gchar *get_ad_server_from_config (RealmKerberos *realm)
|
||||||
|
+{
|
||||||
|
+ RealmSssd *sssd = REALM_SSSD (realm);
|
||||||
|
+ RealmIniConfig *config;
|
||||||
|
+ const gchar *section;
|
||||||
|
+ gchar **servers;
|
||||||
|
+ gchar *tmp;
|
||||||
|
+ size_t c;
|
||||||
|
+ gchar *value = NULL;
|
||||||
|
+
|
||||||
|
+ config = realm_sssd_get_config (sssd);
|
||||||
|
+ section = realm_sssd_get_config_section (sssd);
|
||||||
|
+
|
||||||
|
+ if (section == NULL) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ servers = realm_ini_config_get_list (config, section, "ad_server", ",");
|
||||||
|
+ /* Only use the first server defined given in 'ad_server' and ignore
|
||||||
|
+ * '_srv_'. */
|
||||||
|
+ if (servers != NULL) {
|
||||||
|
+ for (c = 0; servers[c] != NULL; c++) {
|
||||||
|
+ tmp = g_strstrip (servers[c]);
|
||||||
|
+ if (strcasecmp ("_srv_", tmp) != 0) {
|
||||||
|
+ value = g_strdup (tmp);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ g_strfreev (servers);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return value;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
realm_sssd_ad_discover_myself (RealmKerberos *realm,
|
||||||
|
RealmDisco *disco)
|
||||||
|
@@ -665,7 +699,7 @@ realm_sssd_ad_discover_myself (RealmKerberos *realm,
|
||||||
|
if (section == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
- value = realm_ini_config_get (config, section, "ad_server");
|
||||||
|
+ value = get_ad_server_from_config (realm);
|
||||||
|
g_free (disco->explicit_server);
|
||||||
|
disco->explicit_server = value;
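Review bot: In `get_ad_server_from_config`, an empty list entry is accepted as the server name: after `g_strstrip`, a blank token (for example the middle one in a constructed value like `_srv_, ,dc1`) compares unequal to `_srv_`, so `value` becomes `""` and lands in `disco->explicit_server`, which per the commit message is used for adcli's `--domain-controller` option. Whether `realm_ini_config_get_list` already drops empty tokens is not visible here, so the loop should skip them itself: `if (tmp[0] != '\0' && g_ascii_strcasecmp ("_srv_", tmp) != 0) {`. `g_ascii_strcasecmp` also avoids the locale-dependent `strcasecmp`, whose `<strings.h>` include is not shown in this patch. In `realm_sssd_ad_discover_myself` the helper repeats the `config`/`section` lookup the caller has already done; that function's body continues outside the hunk.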
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,69 @@
|
|||||||
|
From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Wed, 10 Jan 2024 09:18:20 +0100
|
||||||
|
Subject: [PATCH] tools: fix ccache handling for leave operation
|
||||||
|
|
||||||
|
krb5_cc_initialize() must be called before anything can be written into
|
||||||
|
a ccache.
|
||||||
|
|
||||||
|
While checking the available credential types the order/preference was
|
||||||
|
not respected.
|
||||||
|
|
||||||
|
Resolves: https://issues.redhat.com/browse/SSSD-6420
|
||||||
|
---
|
||||||
|
tools/realm-client.c | 25 ++++++++++++++++---------
|
||||||
|
1 file changed, 16 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tools/realm-client.c b/tools/realm-client.c
|
||||||
|
index c386e64..06420ea 100644
|
||||||
|
--- a/tools/realm-client.c
|
||||||
|
+++ b/tools/realm-client.c
|
||||||
|
@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported,
|
||||||
|
GVariantIter iter;
|
||||||
|
const gchar *type;
|
||||||
|
const gchar *owner;
|
||||||
|
-
|
||||||
|
- g_variant_iter_init (&iter, supported);
|
||||||
|
- while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
|
||||||
|
- if (g_strcmp0 (credential_type_1, type) == 0 ||
|
||||||
|
- g_strcmp0 (credential_type_2, type) == 0) {
|
||||||
|
- *ret_owner = owner;
|
||||||
|
- return type;
|
||||||
|
+ const gchar *list[] = {credential_type_1, credential_type_2, NULL};
|
||||||
|
+ size_t c;
|
||||||
|
+
|
||||||
|
+ for (c = 0; list[c] != NULL; c++) {
|
||||||
|
+ g_variant_iter_init (&iter, supported);
|
||||||
|
+ while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
|
||||||
|
+ if (g_strcmp0 (list[c], type) == 0) {
|
||||||
|
+ *ret_owner = owner;
|
||||||
|
+ return type;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5,
|
||||||
|
memset (&mcred, 0, sizeof (mcred));
|
||||||
|
mcred.client = principal;
|
||||||
|
mcred.server = server;
|
||||||
|
- mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND;
|
||||||
|
- mcred.times.endtime = mcred.times.starttime;
|
||||||
|
|
||||||
|
code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES,
|
||||||
|
&mcred, &creds);
|
||||||
|
@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5,
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ code = krb5_cc_initialize (krb5, ccache, creds.client);
|
||||||
|
+ if (code != 0) {
|
||||||
|
+ g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code));
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
code = krb5_cc_store_cred (krb5, ccache, &creds);
|
||||||
|
krb5_free_cred_contents (krb5, &creds);
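Review bot: The new `krb5_cc_initialize` failure path in `copy_to_ccache` returns without releasing `creds`, which at that point holds the ticket and session key retrieved from the default ccache; `krb5_free_cred_contents (krb5, &creds);` belongs before that `return FALSE;`. The string returned by `krb5_get_error_message` in the `g_debug` call is also never handed to `krb5_free_error_message`. Separately, the second hunk drops the `mcred.times` assignments while the call still passes `KRB5_TC_MATCH_TIMES`; with zeroed times that flag probably no longer filters anything, so an expired ticket could be copied. It is worth confirming this and either dropping the flag or stating the intent in a comment. `copy_to_ccache` starts and ends outside these hunks.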
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,88 @@
|
|||||||
|
From d691c679c1531b3eb457c494141bafdc4e0bc692 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Fri, 1 Dec 2023 12:14:06 +0100
|
||||||
|
Subject: [PATCH 2/3] service: fix error message when removing host from AD
|
||||||
|
|
||||||
|
If there is an error while trying to remove the host from AD with the
|
||||||
|
help of adcli the error message talks about "joining" which might be
|
||||||
|
irritating when figuring out the reason for the failure. This patch
|
||||||
|
adds a better message when leaving the domain.
|
||||||
|
---
|
||||||
|
service/realm-adcli-enroll.c | 34 +++++++++++++++++++++++++++-------
|
||||||
|
1 file changed, 27 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
|
||||||
|
index e0d752b..c913987 100644
|
||||||
|
--- a/service/realm-adcli-enroll.c
|
||||||
|
+++ b/service/realm-adcli-enroll.c
|
||||||
|
@@ -25,9 +25,10 @@
|
||||||
|
#include "realm-settings.h"
|
||||||
|
|
||||||
|
static void
|
||||||
|
-on_join_process (GObject *source,
|
||||||
|
- GAsyncResult *result,
|
||||||
|
- gpointer user_data)
|
||||||
|
+on_join_leave_process (GObject *source,
|
||||||
|
+ GAsyncResult *result,
|
||||||
|
+ gpointer user_data,
|
||||||
|
+ gboolean is_join)
|
||||||
|
{
|
||||||
|
GTask *task = G_TASK (user_data);
|
||||||
|
GError *error = NULL;
|
||||||
|
@@ -39,15 +40,18 @@ on_join_process (GObject *source,
|
||||||
|
switch (status) {
|
||||||
|
case 2: /* ADCLI_ERR_UNEXPECTED */
|
||||||
|
g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
|
||||||
|
- "Internal unexpected error joining the domain");
|
||||||
|
+ is_join ? "Internal unexpected error joining the domain"
|
||||||
|
+ : "Internal unexpected error removing host from the domain");
|
||||||
|
break;
|
||||||
|
case 6: /* ADCLI_ERR_CREDENTIALS */
|
||||||
|
g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED,
|
||||||
|
- "Insufficient permissions to join the domain");
|
||||||
|
+ is_join ? "Insufficient permissions to join the domain"
|
||||||
|
+ : "Insufficient permissions to remove the host from the domain");
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED,
|
||||||
|
- "Failed to join the domain");
|
||||||
|
+ is_join ? "Failed to join the domain"
|
||||||
|
+ : "Failed to remove the host from the domain");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -64,6 +68,22 @@ on_join_process (GObject *source,
|
||||||
|
g_object_unref (task);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+on_join_process (GObject *source,
|
||||||
|
+ GAsyncResult *result,
|
||||||
|
+ gpointer user_data)
|
||||||
|
+{
|
||||||
|
+ on_join_leave_process (source, result, user_data, TRUE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+on_leave_process (GObject *source,
|
||||||
|
+ GAsyncResult *result,
|
||||||
|
+ gpointer user_data)
|
||||||
|
+{
|
||||||
|
+ on_join_leave_process (source, result, user_data, FALSE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void
|
||||||
|
realm_adcli_enroll_join_async (RealmDisco *disco,
|
||||||
|
RealmCredential *cred,
|
||||||
|
@@ -290,7 +310,7 @@ realm_adcli_enroll_delete_async (RealmDisco *disco,
|
||||||
|
g_ptr_array_add (args, NULL);
|
||||||
|
|
||||||
|
realm_command_runv_async ((gchar **)args->pdata, environ, input,
|
||||||
|
- invocation, on_join_process,
|
||||||
|
+ invocation, on_leave_process,
|
||||||
|
g_object_ref (task));
|
||||||
|
|
||||||
|
g_ptr_array_free (args, TRUE);
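Review bot: The `is_join ? "…" : "…"` expressions in `on_join_leave_process` are passed as the format argument of `g_set_error`, so the format is no longer a plain string literal. None of the six messages contains a `%` today, but compile-time format checking is weakened and a later edit could introduce one. `g_set_error_literal (&error, REALM_ERROR, REALM_ERROR_FAILED, is_join ? "Failed to join the domain" : "Failed to remove the host from the domain");` (and likewise for the other two cases) takes no format and states the intent. A short comment above the function would also help, e.g. `/* is_join selects the wording of the error message; confirm it has no other effect */`, since the body extends outside the visible hunks.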
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,26 @@
|
|||||||
|
From 56aedbceec3e6ff0d6142a16ca0c343c523b6d7a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Fri, 1 Dec 2023 13:07:10 +0100
|
||||||
|
Subject: [PATCH 3/3] doc: fix reference in realmd.conf man page
|
||||||
|
|
||||||
|
---
|
||||||
|
doc/manual/realmd.conf.xml | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
|
||||||
|
index 72b706c..ad17639 100644
|
||||||
|
--- a/doc/manual/realmd.conf.xml
|
||||||
|
+++ b/doc/manual/realmd.conf.xml
|
||||||
|
@@ -110,7 +110,8 @@ default-client = sssd
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>Some callers of <command>realmd</command> such as the
|
||||||
|
- <link linkend="realm"><command>realm</command></link>
|
||||||
|
+ <citerefentry><refentrytitle>realm</refentrytitle>
|
||||||
|
+ <manvolnum>8</manvolnum></citerefentry>
|
||||||
|
command line tool allow specifying which client software should
|
||||||
|
be used. Others, such as GNOME Control Center, simplify choose
|
||||||
|
the default.</para>
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|